From a74125ebd5469f5b0015d148e86c76dda19a0a7c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 7 May 2024 10:01:56 -0400
Subject: [PATCH] chore(deps): update gitlab runner package dependencies (#77)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [gitlab-runner](https://gitlab.com/gitlab-org/charts/gitlab-runner) |
minor | `0.63.0` -> `0.64.0` |
|
[registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner](https://about.gitlab.com/)
([source](https://repo1.dso.mil/dsop/gitlab/gitlab-runner/gitlab-runner))
| minor | `v16.10.0` -> `v16.11.0` |
|
[registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper](https://about.gitlab.com/)
([source](https://repo1.dso.mil/dsop/gitlab/gitlab-runner/gitlab-runner-helper))
| minor | `v16.10.0` -> `v16.11.0` |
|
[registry1.dso.mil/ironbank/redhat/ubi/ubi9](https://catalog.redhat.com/software/container-stacks/detail/609560d9e2b160d361d24f98)
([source](https://repo1.dso.mil/dsop/redhat/ubi/9.x/ubi9)) | minor |
`9.3` -> `9.4` |
---
### Release Notes
gitlab-org/charts/gitlab-runner (gitlab-runner)
###
[`v0.64.0`](https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/HEAD/CHANGELOG.md#v0640-2024-04-18)
[Compare
Source](https://gitlab.com/gitlab-org/charts/gitlab-runner/compare/v0.63.0...v0.64.0)
##### New features
- Update GitLab Runner version to v16.11.0
- Add support for connection_max_age parameter !468
- Propagate Service Account Name from values !367 (Martin Odstrčilík
[@martin](https://togithub.com/martin).odstrcilik)
##### Bug fixes
- Fix liveness probe for Runner Pod !466
---
### Configuration
📅 **Schedule**: Branch creation - "after 7am and before 9am every
weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/uds-package-gitlab-runner).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: zamaz <71521611+zachariahmiller@users.noreply.github.com>
Co-authored-by: Zachariah Miller
Release-As: v16.11.0-uds.0
---
.vscode/settings.json | 42 +++++++++++++++++++++++++++++++
common/zarf.yaml | 2 +-
docs/DEVELOPMENT_MAINTENANCE.md | 1 +
tasks.yaml | 14 +++++++++++
test/journey/pipeline-run.test.ts | 4 +--
values/common-values.yaml | 11 +++++---
values/registry1-values.yaml | 6 ++---
values/upstream-values.yaml | 4 +--
zarf.yaml | 10 ++++----
9 files changed, 77 insertions(+), 17 deletions(-)
create mode 100644 .vscode/settings.json
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 00000000..edfcc352
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,42 @@
+{
+ "debug.javascript.terminalOptions": {
+ "enableTurboSourcemaps": true,
+ "resolveSourceMapLocations": [
+ "${workspaceFolder}/**",
+ "node_modules/kubernetes-fluent-client/**",
+ "node_modules/pepr/**"
+ ]
+ },
+ "yaml.schemas": {
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/uds.schema.json": [
+ "uds-bundle.yaml"
+ ],
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/tasks.schema.json": [
+ "tasks.yaml",
+ "tasks/**/*.yaml",
+ ],
+ "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.31.0/zarf.schema.json": [
+ "zarf.yaml"
+ ]
+ },
+ "cSpell.words": [
+ "alertmanager",
+ "Authservice",
+ "automount",
+ "controlplane",
+ "crds",
+ "distros",
+ "ironbank",
+ "Kiali",
+ "Kyverno",
+ "MITM",
+ "neuvector",
+ "opensource",
+ "promtail",
+ "Quickstart",
+ "Gitlab",
+ "seccomp",
+ "Sysctls",
+ "Velero"
+ ]
+ }
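Review bot: The array under the `tasks.schema.json` key ends with a trailing comma after `"tasks/**/*.yaml",`, which strict JSON parsers reject even though VS Code's JSONC reader tolerates it. Dropping the comma keeps the file readable by linters and other tooling. The schema URLs are pinned to `v0.10.4` and `v0.31.0`, and nothing visible in this patch keeps them in step with the tool versions the repository actually uses, so editor validation may drift. A new editor-settings file is also unrelated to a dependency update and would be easier to audit as its own commit.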
diff --git a/common/zarf.yaml b/common/zarf.yaml
index c50bab30..6bd7c7a3 100644
--- a/common/zarf.yaml
+++ b/common/zarf.yaml
@@ -17,7 +17,7 @@ components:
- name: gitlab-runner
namespace: gitlab-runner
url: https://charts.gitlab.io
- version: "0.63.0"
+ version: "0.64.0"
valuesFiles:
- ../values/common-values.yaml
actions:
diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md
index 8e00d3a3..6439a288 100644
--- a/docs/DEVELOPMENT_MAINTENANCE.md
+++ b/docs/DEVELOPMENT_MAINTENANCE.md
@@ -24,4 +24,5 @@ When changes are merged to the `main` branch, the Release Please will evaluate a
> TIP: Merging a PR should be done via a branch **"Squash and merge"**; this means that the commit message seen on this PR merge is what Release Please will use to determine a version bump.
When the auto generated Release Please PR is merged the following steps will automatically happen.
+
1) A new release will be created and tagged
diff --git a/tasks.yaml b/tasks.yaml
index ea46c3db..75dcbb24 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -37,6 +37,19 @@ tasks:
spoof_release: "true"
- task: create:test-bundle
+ - name: dev
+ description: Deploy gitlab-runner on existing cluster with existing gitlab
+ actions:
+ - task: create-glr-package
+ - task: create-glr-test-bundle
+ - task: deploy:test-bundle
+
+ - name: doug-admin
+ description: Promote Doug to admin (requires running setup:create-doug-user and logging into gitlab ui first)
+ actions:
+ - cmd: |
+ ./uds zarf tools kubectl exec -n gitlab deployment/gitlab-toolbox -- gitlab-rails runner -e production "user = User.find_by(username: 'doug'); user.admin = true; user.save!"
+
# CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
- name: test-package
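Review bot: The new `doug-admin` task grants GitLab admin rights to a hard-coded account through `gitlab-rails runner -e production`, against whichever cluster the current kubeconfig targets, and nothing in the task or its description marks it as test-only. Stating that in the description would make the intent explicit, for example `description: Promote the test user doug to admin, dev/test clusters only (requires ...)`. The Ruby one-liner uses `User.find_by`, which returns nil when the user does not exist, so `user.admin = true` fails with a NoMethodError. `User.find_by!(username: 'doug')` would fail with a clear record-not-found error instead. The later hunk adds `setup:create-doug-user` to the CI flow; its definition is not visible here, so how that account's credentials are set should be checked there.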
@@ -56,6 +69,7 @@ tasks:
- task: setup:k3d-test-cluster
- task: dependencies:deploy
- task: deploy:test-bundle
+ - task: setup:create-doug-user
- task: create-glr-test-bundle
- task: deploy:test-bundle
- task: test:glr-health-check
diff --git a/test/journey/pipeline-run.test.ts b/test/journey/pipeline-run.test.ts
index 9a0390ed..74822ca8 100644
--- a/test/journey/pipeline-run.test.ts
+++ b/test/journey/pipeline-run.test.ts
@@ -6,13 +6,13 @@ test('test kicking off a pipeline run', async () => {
// Get the root password for GitLab
const rootPasswordSecret = await K8s(kind.Secret).InNamespace("gitlab").Get("gitlab-gitlab-initial-root-password")
const rootPassword = atob(rootPasswordSecret.data!.password)
-
+ const arch = process.env.UDS_ARCH
// Create a test repository in GitLab using Zarf
zarfExec(["package", "create", "package", "--confirm"]);
zarfExec([
"package",
"mirror-resources",
- "zarf-package-gitlab-runner-test-amd64-0.0.1.tar.zst",
+ `zarf-package-gitlab-runner-test-${arch}-0.0.1.tar.zst`,
"--git-url", "https://gitlab.uds.dev/",
"--git-push-username", "root",
"--git-push-password", rootPassword,
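Review bot: `const arch = process.env.UDS_ARCH` is used unchecked, so when the variable is unset the package name becomes `zarf-package-gitlab-runner-test-undefined-0.0.1.tar.zst`. The test then fails at `mirror-resources` with a misleading file-not-found error. Either keep the previous behaviour as a default, `const arch = process.env.UDS_ARCH ?? "amd64"`, or fail fast with `if (!arch) throw new Error("UDS_ARCH must be set")`. The test body continues outside this hunk.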
diff --git a/values/common-values.yaml b/values/common-values.yaml
index 6a15b164..358db5c4 100644
--- a/values/common-values.yaml
+++ b/values/common-values.yaml
@@ -32,15 +32,18 @@ runners:
concurrent: 50
-securityContext:
- runAsUser: 1001
- runAsGroup: 1001
+podSecurityContext:
+ runAsUser: 100
+ fsGroup: 65534
-containerSecurityContext:
+securityContext:
+ allowPrivilegeEscalation: false
runAsNonRoot: true
+ privileged: false
capabilities:
drop: ["ALL"]
+
resources:
limits:
memory: 256Mi
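Review bot: The new `podSecurityContext` sets `runAsUser` and `fsGroup` but no longer sets `runAsGroup` (the removed block had `runAsGroup: 1001`). The primary GID therefore falls back to whatever the image defines, which may be the root group. Consider adding `runAsGroup: <non-root gid>` (placeholder, to be chosen for the images in use) next to `runAsUser: 100`. The container `securityContext` also has no seccomp setting; if the chart passes this block through unchanged, `seccompProfile: {type: RuntimeDefault}` would complete the hardening already started with `allowPrivilegeEscalation: false` and `drop: ["ALL"]`. A short comment explaining why UID 100 and `fsGroup: 65534` were chosen would help, since this values file appears to be shared by both the registry1 and upstream image flavors.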
diff --git a/values/registry1-values.yaml b/values/registry1-values.yaml
index 648f62ec..7aee3737 100644
--- a/values/registry1-values.yaml
+++ b/values/registry1-values.yaml
@@ -4,14 +4,14 @@ useTini: true
image:
registry: "registry1.dso.mil"
image: "ironbank/gitlab/gitlab-runner/gitlab-runner"
- tag: v16.10.0
+ tag: v16.11.0
runners:
job:
registry: registry1.dso.mil
repository: ironbank/redhat/ubi/ubi9
- tag: "9.3"
+ tag: "9.4"
helper:
registry: registry1.dso.mil
repository: ironbank/gitlab/gitlab-runner/gitlab-runner-helper
- tag: v16.10.0
+ tag: v16.11.0
diff --git a/values/upstream-values.yaml b/values/upstream-values.yaml
index 95e66653..31541cb4 100644
--- a/values/upstream-values.yaml
+++ b/values/upstream-values.yaml
@@ -1,7 +1,7 @@
image:
registry: registry.gitlab.com
image: gitlab-org/gitlab-runner
- tag: alpine-v16.10.0
+ tag: alpine-v16.11.0
runners:
job:
@@ -11,4 +11,4 @@ runners:
helper:
registry: registry1.dso.mil
repository: ironbank/gitlab/gitlab-runner/gitlab-runner-helper
- tag: v16.10.0
+ tag: v16.11.0
diff --git a/zarf.yaml b/zarf.yaml
index d3e74a6c..0050167c 100644
--- a/zarf.yaml
+++ b/zarf.yaml
@@ -24,9 +24,9 @@ components:
valuesFiles:
- values/registry1-values.yaml
images:
- - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v16.10.0"
- - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.10.0"
- - "registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.3"
+ - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v16.11.0"
+ - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.11.0"
+ - "registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.4"
- name: gitlab-runner
required: true
@@ -40,6 +40,6 @@ components:
valuesFiles:
- values/upstream-values.yaml
images:
- - "registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v16.10.0" # renovate: versioning=regex:^alpine-v?(?\\d+)\\.(?\\d+)\\.(?\\d+)?$
- - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.10.0"
+ - "registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v16.11.0" # renovate: versioning=regex:^alpine-v?(?\\d+)\\.(?\\d+)\\.(?\\d+)?$
+ - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.11.0"
- "library/alpine:3.19.1" # renovate: versioning=regex:^(?\\d+)\\.(?\\d+)\\.(?\\d+)?$